Keep an eye out for this phishing campaign

There are always a variety of phishing campaigns going around.  This makes it hard to keep track of all of them.  Nonetheless, it is important to stay up to date the best you can.

This is why we are writing about one of the latest phishing campaigns that has been highlighted in the news lately.  It’s a new spear-phishing campaign that has caught the attention of the FBI and CIA.

The spear-phishing campaign is trying to infect PCs with Trickbot and using a new tactic to get victims to open the email.

The tactic is the email claiming they have proof of a traffic violation.  A traffic violation is the perfect social engineering tactic since people will get scared that they are going to get a ticket and will open the email to find out more.

Other phishing campaigns such as the pandemic vaccine emails or tax season phishing emails are some of the ones people are most used to hearing about, which means they are also watching out for them.

The traffic violation email approach on the other hand is not as popular; making it a great tactic for cyber criminals to use.

This particular phishing campaign contains a link that sends users to a compromised website.  Then, when users click on the photo to see the proof of their traffic violation, they download a JavaScript file.  Consequently, when opened, it connects to a command-and-control server that downloads Trickbot onto their system.

For those of you who don’t know or don’t remember, Trickbot began as a banking trojan.  It is now one of the most powerful tools available to cyber criminals because it gives them the ability to deliver their own malware.

Once Trickbot is on their system it creates a backdoor on Windows machines, which allows the cyber criminal to steal sensitive data such as login credentials.  Some versions of Trickbot can also spread across entire networks.  Trickbot is highly customizable and allows for additional attacks by the malware, can serve as a downloader, and if that wasn’t enough, it can also exploit infected machines for cryptomining.

The best advice and actions you can take to protect your business from this phishing campaign, and new ones that will come about in the future, are the following three things.

1. Train employees on phishing and social engineering.
2. Set up a holistic cybersecurity posture with best practices simplified for all to understand.
3. Stay up to date with security patching, the overall management process of patching, password management, multi-factor authentication across the enterprise, and security application configuration settings.

If you need support for the above three steps here is how NCX Group can help.

1. For your employee training – Check out our complete Cybersecurity Training solution.  You can also try it out for free.
2. To set up a holistic cybersecurity posture the easy and fast way – Our MyCSO services are perfect for the small and medium-sized business.
3. Set up a free consultation with us.  Our security experts are always ready to guide you on the path to effective cybersecurity best practices, so you don’t have to feel confused or overwhelmed and not sure if you did it right or not.  Give us a call!

Schedule your free consultation at any time; for anything related to your company’s cybersecurity needs, not only phishing threats.

Photo courtesy of Ribah